spring-security-jwt

JWT authentication with spring security

License	License ASL2
Categories	Categories Security
GroupId	GroupId com.mercateo.spring
ArtifactId	ArtifactId spring-security-jwt
Last Version	Last Version 2.1.1
Release Date	Release Date May 20, 2020
Type	Type jar
Description	Description spring-security-jwt JWT authentication with spring security
Project URL	Project URL https://github.com/Mercateo/spring-security-jwt
Project Organization	Project Organization Mercateo AG
Source Code Management	Source Code Management https://github.com/Mercateo/spring-security-jwt

Download spring-security-jwt

Filename	Size
spring-security-jwt-2.1.1.pom
spring-security-jwt-2.1.1.jar	1 MB
spring-security-jwt-2.1.1-tests.jar	42 KB
spring-security-jwt-2.1.1-sources.jar	53 KB
spring-security-jwt-2.1.1-javadoc.jar	266 KB
Browse

How to add to project

Apache Maven

<!-- https://jarcasting.com/artifacts/com.mercateo.spring/spring-security-jwt/ -->
<dependency>
    <groupId>com.mercateo.spring</groupId>
    <artifactId>spring-security-jwt</artifactId>
    <version>2.1.1</version>
</dependency>

Gradle Groovy

// https://jarcasting.com/artifacts/com.mercateo.spring/spring-security-jwt/
implementation 'com.mercateo.spring:spring-security-jwt:2.1.1'

Gradle Kotlin

// https://jarcasting.com/artifacts/com.mercateo.spring/spring-security-jwt/
implementation ("com.mercateo.spring:spring-security-jwt:2.1.1")

Apache Buildr

'com.mercateo.spring:spring-security-jwt:jar:2.1.1'

Apache Ivy

<dependency org="com.mercateo.spring" name="spring-security-jwt" rev="2.1.1">
  <artifact name="spring-security-jwt" type="jar" />
</dependency>

Groovy Grape

@Grapes(
@Grab(group='com.mercateo.spring', module='spring-security-jwt', version='2.1.1')
)

Scala SBT

libraryDependencies += "com.mercateo.spring" % "spring-security-jwt" % "2.1.1"

Leiningen

[com.mercateo.spring/spring-security-jwt "2.1.1"]

Dependencies

compile (12)

Group / Artifact	Type	Version
org.immutables : value-annotations	jar	2.7.5
org.immutables.vavr : vavr-encodings	jar	0.6.0
com.mercateo : default-immutables	jar	1.2.5
org.springframework.security : spring-security-web	jar	5.1.5.RELEASE
org.springframework.security : spring-security-config	jar	5.1.5.RELEASE
com.fasterxml.jackson.core : jackson-databind	jar	2.10.0
com.fasterxml.jackson.core : jackson-annotations	jar	2.10.0
com.auth0 : java-jwt	jar	3.8.0
com.auth0 : jwks-rsa	jar	0.8.1
org.slf4j : slf4j-api	jar	1.7.25
com.google.guava : guava	jar	27.1-jre
commons-codec : commons-codec	jar	1.12

provided (3)

Group / Artifact	Type	Version
org.projectlombok : lombok	jar	1.18.8
javax.servlet : javax.servlet-api	jar	3.1.0
org.immutables : value	jar	2.7.5

test (9)

Group / Artifact	Type	Version
junit : junit	jar	4.12
org.assertj : assertj-core	jar	3.12.2
org.mockito : mockito-core	jar	2.27.0
org.bouncycastle : bcprov-jdk15on	jar	1.61
org.springframework : spring-test	jar	5.1.13.RELEASE
org.springframework.security : spring-security-test	jar	5.1.5.RELEASE
org.springframework : spring-webmvc	jar	5.1.13.RELEASE
ch.qos.logback : logback-classic	jar	1.2.3
org.slf4j : jcl-over-slf4j	jar	1.7.25

Project Modules

There are no modules declared in this project.

com.mercateo.spring.spring-security-jwt

Example usage

How to add JWT support to your project.

Simple Example

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaHR0cHM6Ly90ZXN0Lm9yZy9mb28iOiJiYXIiLCJpYXQiOjE1MTYyMzkwMjJ9.Ujx0Lo-2PjRMXd3xBh1kyf7XEOmGK2LttJJPDL1A4J4

contains payload

{
  "sub": "1234567890",
  "https://test.org/foo": "bar",
  "iat": 1516239022
}

see e.g. https://jwt.io/

Import the config and add a configuration bean

@Configuration
@Import(JWTSecurityConfiguration.class)
public class MyConfiguration {

    ...
    
    @Bean
    public JWTSecurityConfig securityConfig() {
        return JWTSecurityConfig.builder() //
                .addAnonymousPaths("/admin/app_health") //
                .addAnonymousMethods(HttpMethod.OPTIONS) //
                .addRequiredClaims("https://test.org/foo") //
                .addTokenAudiences("https://test.org/api") //
                .withTokenLeeway(300) //
                .build();
    }

    ...
}

Access the principal object to get claims from the token:

        final JWTPrincipal principal = JWTPrincipal.fromContext();

        log.info("principal foo {} with scopes '{}'",
              principal.getClaim("https://test.org/foo"),
              principal.getAuthorities());

Example with token verification

@Configuration
@Import(JWTSecurityConfiguration.class)
public class MyConfiguration {

    ...
    
    @Bean
    public JWTSecurityConfig securityConfig() {
        return JWTSecurityConfig
            .builder()
            .addAnonymousPaths("/admin/app_health")
            .addAnonymousMethods(HttpMethod.OPTIONS)
            .jwtKeyset(new Auth0JWTKeyset(auth0Domain))
            .addRequiredClaims("https://test.org/foo")
            .addRequiredClaims("https://test.org/bar")
            .addTokenAudiences("https://test.org/api")
            .withTokenLeeway(300)
            .build();
    }

    ...
}

Roles / scopes integration

The content of the scope claim is parsed into the list of granted authorities.

Usage

Add the dependency to your maven

    <dependency>
      <groupId>com.mercateo.spring</groupId>
      <artifactId>spring-security-jwt</artifactId>
      <version>2.1.0</version>
    </dependency>

Integrates in Spring Security.

Changelog:

2.1.1:

removed public reference about vavr

2.1.0:

refactored packaging
token handling improvements

2.0.1:

breaking change to the previous versions 1.x.y
updated dependencies
updated parent pom oss-parent-pom to version 1.0.9.
the public dependency on io.vavr is removed

What's next?

remove the dependency to io.vavr
add module-info for better compatibility with java 9 and later

the procurement platform for your business

Versions

Version
2.1.1 May 20, 2020
2.1.0 May 18, 2020
2.0.1 May 21, 2019
1.0.1 Sep 20, 2018
1.0.0 Sep 14, 2018
0.5.4 Jul 30, 2018
0.5.3 Jul 17, 2018
0.5.2 Jul 17, 2018
0.5.0 Jul 16, 2018
0.4.2 Jun 8, 2018
0.4.1 Mar 9, 2018
0.4.0 Jan 17, 2018
0.3.7 Sep 21, 2017
0.3.6 Sep 18, 2017
0.3.5 Sep 14, 2017
0.3.4 Sep 4, 2017
0.3.3 Aug 27, 2017
0.3.2 Aug 26, 2017
0.3.1 Aug 26, 2017
0.3.0 Aug 24, 2017
0.2.10 Aug 24, 2017
0.2.9 Aug 16, 2017
0.2.8 Aug 14, 2017
0.2.7 Aug 12, 2017
0.2.6 Aug 12, 2017
0.2.5 Aug 10, 2017
0.2.4 Aug 10, 2017
0.2.3 Aug 9, 2017
0.2.1 Aug 9, 2017
0.2.0 Aug 9, 2017
0.1.9 Aug 7, 2017
0.1.8 Aug 7, 2017
0.1.6 Aug 7, 2017
0.1.5 Aug 7, 2017
0.1.4 Aug 6, 2017
0.1.3 Aug 6, 2017
0.1.2 Aug 3, 2017
0.1.1 Aug 3, 2017

spring-security-jwt

License

Categories

GroupId

ArtifactId

Last Version

Release Date

Type

Description

Project URL

Project Organization

Source Code Management